API Specific Automatic Program Repair or how can we find and fix API Misuses automatically?
Nowadays, programmers re-use much code from existing code libraries by means of Application Programming Interfaces (APIs). Due to missing or outdated documentation as well as misunderstandings on how to correctly use a particular API, programmers may falsely apply that API.
If this false application leads to a negative behavior of the software, e.g. software crashes, performance losses, or inconvenient software usage, we denote these as API misuses.
Recent research has shown that half of the existing bugs demand an API-specific correction and therefore require knowledge on the correct application of the API. In order to be capable to create API-specific patches automatically, we represent such knowledge as API usage patterns. Based on the existing error localization techniques (e.g., testing, detection of deviant behavior) and mechanisms to extract API usage patterns (e.g. Specification Mining), we plan to create patches for API-specific bugs.
This topic is under ongoing research. For questions please refer to Sebastian Nielebock.
Publikationen
2020 |
Nielebock, Sebastian; Heumüller, Robert; Krüger, Jacob; Ortmeier, Frank Cooperative API Misuse Detection Using Correction Rules Inproceedings Forthcoming ACM, (Hrsg.): Proccedings of the 42nd IEEE/ACM International Conference on Software Engineering - New Ideas and Emerging Results Track, ICSE-NIER, ACM, Forthcoming. @inproceedings{Nielebock2020, title = {Cooperative API Misuse Detection Using Correction Rules}, author = {Sebastian Nielebock and Robert Heum\"{u}ller and Jacob Kr\"{u}ger and Frank Ortmeier}, editor = {ACM}, url = {https://cse.cs.ovgu.de/cse-wordpress/wp-content/uploads/2020/02/cooperative-api-misuse-detection-1.pdf https://bitbucket.org/SNielebock/icse-2020-nier-cooperative-api-misuse/src/master/}, doi = {10.1145/3377816.3381735}, year = {2020}, date = {2020-05-29}, booktitle = {Proccedings of the 42nd IEEE/ACM International Conference on Software Engineering - New Ideas and Emerging Results Track, ICSE-NIER}, publisher = {ACM}, keywords = {}, pubstate = {forthcoming}, tppubtype = {inproceedings} } |
2019 |
Heumüller, Robert; Nielebock, Sebastian; Ortmeier, Frank SpecTackle - A Specification Mining Experimentation Platform Inproceedings Proceedings of the 45th Euromicro Conference on Software Engineering and Advanced Applications (SEAA),Kallithea, Chalkidiki. Greece, Euromicro 2019. @inproceedings{Heum\"{u}ller2019, title = {SpecTackle - A Specification Mining Experimentation Platform}, author = {Robert Heum\"{u}ller and Sebastian Nielebock and Frank Ortmeier}, url = {https://cse.cs.ovgu.de/cse-wordpress/wp-content/uploads/2019/11/paper_spectackle_heumueller2019.pdf}, year = {2019}, date = {2019-08-30}, booktitle = {Proceedings of the 45th Euromicro Conference on Software Engineering and Advanced Applications (SEAA),Kallithea, Chalkidiki. Greece}, organization = {Euromicro}, abstract = {Nowadays, API Specification Mining is an important cornerstone of automated software engineering. In this paper, we introduce SpecTackle, an IDE-based experimentation platform aiming to facilitate experimentation and validation of specification mining algorithms and tools. SpecTackle strives toward (1) providing easy access to various specification mining tools, (2) simplifying configuration and usage through a shared interface, and (3) in-code visualization of pattern occurrences. The first version supports two heterogeneous mining tools, a third-party graph-based miner as well as a custom sequence mining tool. In the long term, SpecTackle envisions to also provide ground-truth benchmark projects, a unified pattern meta-model and parameter optimization for mining tools.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Nowadays, API Specification Mining is an important cornerstone of automated software engineering. In this paper, we introduce SpecTackle, an IDE-based experimentation platform aiming to facilitate experimentation and validation of specification mining algorithms and tools. SpecTackle strives toward (1) providing easy access to various specification mining tools, (2) simplifying configuration and usage through a shared interface, and (3) in-code visualization of pattern occurrences. The first version supports two heterogeneous mining tools, a third-party graph-based miner as well as a custom sequence mining tool. In the long term, SpecTackle envisions to also provide ground-truth benchmark projects, a unified pattern meta-model and parameter optimization for mining tools. |
2018 |
Nielebock, Sebastian; Heumüller, Robert; Ortmeier, Frank Commits as a Basis for API Misuse Detection Inproceedings ACM, (Hrsg.): Proceedings of the 7th International Workshop on Software Mining (SoftwareMining ’18), September 3, 2018, Montpellier, France., S. 4, ACM, New York, NY, USA, 2018. @inproceedings{NielebockAPIMisuseCommits2018, title = {Commits as a Basis for API Misuse Detection}, author = {Sebastian Nielebock and Robert Heum\"{u}ller and Frank Ortmeier}, editor = {ACM}, url = {https://cse.cs.ovgu.de/cse-wordpress/wp-content/uploads/2018/08/nielebock-et-al-Commits_as_a_Basis_for_API_Misuse_Detection.pdf}, doi = {10.1145/3242887.3242890}, year = {2018}, date = {2018-09-03}, booktitle = {Proceedings of the 7th International Workshop on Software Mining (SoftwareMining ’18), September 3, 2018, Montpellier, France.}, journal = {Proceedings of the 7th International Workshop on Software Mining (SoftwareMining ’18), September 3, 2018, Montpellier, France.}, pages = {4}, publisher = {ACM}, address = {New York, NY, USA}, abstract = {Programmers frequently make use of APIs. However, these usages can result in unintended, negative behavior, when developers are not aware of the correct usage or side effects of that API. Detecting those API misuses by means of automatic testing is challenging, as many test suites do not cover this unintended behavior. Instead, API usage patterns are used as specifications to verify the correctness of applications. However, to find meaningful patterns, i.e., those capable of fixing the misuse, the context of the misuse must be considered. Since the developer usually does not know which API is misused, a much larger code section has to be verified against many potential patterns. In this paper, we present a new idea to enhance API misuse detection by means of commits. We discuss the potential of using commits (1) to decrease the size of the code to be considered, (2) to identify suspicious commits, and (3) to contain API usages which can be used to shepherd API specification mining. This paper shows first results on the usability of commits for API misuse detection and some insights into what makes a commit suspicious in terms of exhibiting potential API misuses.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Programmers frequently make use of APIs. However, these usages can result in unintended, negative behavior, when developers are not aware of the correct usage or side effects of that API. Detecting those API misuses by means of automatic testing is challenging, as many test suites do not cover this unintended behavior. Instead, API usage patterns are used as specifications to verify the correctness of applications. However, to find meaningful patterns, i.e., those capable of fixing the misuse, the context of the misuse must be considered. Since the developer usually does not know which API is misused, a much larger code section has to be verified against many potential patterns. In this paper, we present a new idea to enhance API misuse detection by means of commits. We discuss the potential of using commits (1) to decrease the size of the code to be considered, (2) to identify suspicious commits, and (3) to contain API usages which can be used to shepherd API specification mining. This paper shows first results on the usability of commits for API misuse detection and some insights into what makes a commit suspicious in terms of exhibiting potential API misuses. |
Heumüller, Robert; Nielebock, Sebastian; Ortmeier, Frank Who plays with Whom? ... and How? Mining API Interaction Patterns from Source Code Inproceedings ACM, (Hrsg.): Proceedings of the 7th International Workshop on Software Mining (SoftwareMining ’18), S. 4, ACM, New York, NY, USA, 2018. @inproceedings{HeumuellerInteractionPatterns2018, title = {Who plays with Whom? ... and How? Mining API Interaction Patterns from Source Code}, author = {Robert Heum\"{u}ller and Sebastian Nielebock and Frank Ortmeier}, editor = {ACM}, url = {https://cse.cs.ovgu.de/cse-wordpress/wp-content/uploads/2018/08/paper-mining-api-interactions.pdf}, doi = {10.1145/3242887.3242888}, year = {2018}, date = {2018-09-03}, booktitle = {Proceedings of the 7th International Workshop on Software Mining (SoftwareMining ’18)}, pages = {4}, publisher = {ACM}, address = {New York, NY, USA}, abstract = {State-of-science automated software engineering techniques increasingly rely on specification mining to provide API usage patterns for numerous applications, e.g. context sensitive code-completion, bug-detection or bug-fixing techniques. While some existing approaches already yield good results with respect to diverse tasks, the focus has always been on the inference of high-quality, reusable specifications for single APIs. However, in contemporary software development it is commonplace to combine a multitude of different libraries in order to increase efficiency by avoiding the reimplementation of the wheel. In contrast to prior research, in this idea paper we propose to explicitly study the patterns of interaction between multiple different APIs. First, we introduce a method for mining API interactions patterns from existing applications. Then, we give an overview of our preliminary investigation, in which we applied the method to a case-study of nearly 500 Android applications. The exemplary results show that there definitely exist valuable interaction patterns which can be helpful for various traditional and automated software engineering tasks.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } State-of-science automated software engineering techniques increasingly rely on specification mining to provide API usage patterns for numerous applications, e.g. context sensitive code-completion, bug-detection or bug-fixing techniques. While some existing approaches already yield good results with respect to diverse tasks, the focus has always been on the inference of high-quality, reusable specifications for single APIs. However, in contemporary software development it is commonplace to combine a multitude of different libraries in order to increase efficiency by avoiding the reimplementation of the wheel. In contrast to prior research, in this idea paper we propose to explicitly study the patterns of interaction between multiple different APIs. First, we introduce a method for mining API interactions patterns from existing applications. Then, we give an overview of our preliminary investigation, in which we applied the method to a case-study of nearly 500 Android applications. The exemplary results show that there definitely exist valuable interaction patterns which can be helpful for various traditional and automated software engineering tasks. |
Nielebock, Sebastian; Heumüller, Robert; Ortmeier, Frank Programmers do not Favor Lambda Expressions for Concurrent Object-Oriented Code Artikel Springer Empirical Software Engineering (EMSE), 24 (1), S. 103–138, 2018, ISSN: 1382-3256. @article{NielebockLambda2018, title = {Programmers do not Favor Lambda Expressions for Concurrent Object-Oriented Code}, author = {Sebastian Nielebock and Robert Heum\"{u}ller and Frank Ortmeier}, editor = {Springer}, url = {https://cse.cs.ovgu.de/cse-wordpress/wp-content/uploads/2018/11/2018-11-06-ESEC-FSE-Lambda-In-Concurrency_prepared_publication.pdf https://cse.cs.ovgu.de/cse-wordpress/wp-content/uploads/2018/10/journal-emse-lambda-1.pdf https://bitbucket.org/SNielebock/lambdainconcurrentdataset}, doi = {10.1007/s10664-018-9622-9}, issn = {1382-3256}, year = {2018}, date = {2018-05-02}, journal = {Springer Empirical Software Engineering (EMSE)}, volume = {24}, number = {1}, pages = {103--138}, abstract = {Lambda expressions have long been state-of-the-art in the functional programming paradigm. Especially with regard to the use of higher-order functions, they provide developers with a means of defining predicate or projection functions locally, which greatly increases the comprehensibility of the resulting source code. This benefit has motivated language designers to also incorporate lambda expressions into object-oriented (OO) programming languages. In particular, they are claimed to facilitate concurrent programming. One likely reason for this assumption is their purity: pure lambda expressions are free of side effects, and therefore cannot cause, e.g., race conditions. In this paper, we present the first empirical analysis of whether or not this claim is true for OO projects. For this purpose, we investigated the application of lambda expressions in 2,923 open-source projects, implemented in one of the most common OO programming languages: C#, C++, and Java. We present three major findings. First, the majority of lambda expressions are not applied in concurrent code and most concurrent code does not make use of lambda expressions. Second, for all three of the languages, we observed that developers compromise their code by applying a significantly higher number of impure, capturing lambda expressions, which are capable of causing race conditions. Finally, we explored further use cases of lambda expressions and found out that testing, algorithmic implementation, and UI are far more common use-cases for the application of lambda expressions. Our results encourage to investigate in more detail the reasons that hinder programmers to apply lambda expressions in concurrent programming and to support developers, e.g., by providing automatic refactorings.}, keywords = {}, pubstate = {published}, tppubtype = {article} } Lambda expressions have long been state-of-the-art in the functional programming paradigm. Especially with regard to the use of higher-order functions, they provide developers with a means of defining predicate or projection functions locally, which greatly increases the comprehensibility of the resulting source code. This benefit has motivated language designers to also incorporate lambda expressions into object-oriented (OO) programming languages. In particular, they are claimed to facilitate concurrent programming. One likely reason for this assumption is their purity: pure lambda expressions are free of side effects, and therefore cannot cause, e.g., race conditions. In this paper, we present the first empirical analysis of whether or not this claim is true for OO projects. For this purpose, we investigated the application of lambda expressions in 2,923 open-source projects, implemented in one of the most common OO programming languages: C#, C++, and Java. We present three major findings. First, the majority of lambda expressions are not applied in concurrent code and most concurrent code does not make use of lambda expressions. Second, for all three of the languages, we observed that developers compromise their code by applying a significantly higher number of impure, capturing lambda expressions, which are capable of causing race conditions. Finally, we explored further use cases of lambda expressions and found out that testing, algorithmic implementation, and UI are far more common use-cases for the application of lambda expressions. Our results encourage to investigate in more detail the reasons that hinder programmers to apply lambda expressions in concurrent programming and to support developers, e.g., by providing automatic refactorings. |
Heumüller, Robert Leveraging project-specificity to find suitable specifications: student research abstract Inproceedings ACM, (Hrsg.): Proceedings of the 33rd Annual ACM Symposium on Applied Computing, 2018, ISBN: 978-1-4503-5191-1. @inproceedings{Heum\"{u}ller2018, title = {Leveraging project-specificity to find suitable specifications: student research abstract}, author = {Robert Heum\"{u}ller}, editor = {ACM}, doi = {10.1145/3167132.3167455}, isbn = {978-1-4503-5191-1}, year = {2018}, date = {2018-04-09}, booktitle = {Proceedings of the 33rd Annual ACM Symposium on Applied Computing}, abstract = {Automated inference of API specifications is crucial for scaling various automated software engineering tasks such as bug-detection or bug-fixing. Prior research has therefore focused on techniques to improve the quality, diversity and availability of specifications. Consequently, efficient ways of retrieving the appropriate specifications for a particular task from a specification database will be necessary in future. In our research, we analyse projects using information retrieval techniques (tf-idf), to determine which specifications are characteristic for a project. Our hypothesis is that this knowledge can be exploited to significantly optimize the search process, by focussing on projects which are similar in terms of their characteristic API usages. Initial results indicate that a project-specificity based selection of specifications from different sources can produce candidate sets featuring a larger variety of interesting specifications than support-based, project-agnostic heuristics.}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } Automated inference of API specifications is crucial for scaling various automated software engineering tasks such as bug-detection or bug-fixing. Prior research has therefore focused on techniques to improve the quality, diversity and availability of specifications. Consequently, efficient ways of retrieving the appropriate specifications for a particular task from a specification database will be necessary in future. In our research, we analyse projects using information retrieval techniques (tf-idf), to determine which specifications are characteristic for a project. Our hypothesis is that this knowledge can be exploited to significantly optimize the search process, by focussing on projects which are similar in terms of their characteristic API usages. Initial results indicate that a project-specificity based selection of specifications from different sources can produce candidate sets featuring a larger variety of interesting specifications than support-based, project-agnostic heuristics. |
Schott, Kevin Michael Extraktion relevanter API-spezifischer Informationen zur automatischen Korrektur von Softwarefehlern Abschlussarbeit Otto-von-Guericke-Unviersität Magdeburg, 2018. @mastersthesis{SchottExtractionBA2018, title = {Extraktion relevanter API-spezifischer Informationen zur automatischen Korrektur von Softwarefehlern}, author = {Kevin Michael Schott}, editor = {Sebastian Nielebock and Frank Ortmeier}, year = {2018}, date = {2018-03-13}, school = {Otto-von-Guericke-Unviersit\"{a}t Magdeburg}, abstract = {Bekanntlich ist Softwareentwicklung nicht fehlerfrei. W\"{a}hrend der Fokus auf der Entwicklung neuer Komponenten liegen sollte, geht viel Zeit in die Behebung existierender Programmfehler verloren. Jene Programmfehler, welche das Softwaresystem in einen regressiven Zustand versetzen - sodass dieses nicht mehr ordnungsgem\"{a}{\ss} funktioniert - sind oftmals m\"{u}hselig zu beheben. Dadurch ist der zust\"{a}ndige Programmierer meist auf unbestimmte Zeit verpflichtet, diesen zu beheben, wodurch er dem Unternehmen nicht f\"{u}r die Weiterentwicklung zur Verf\"{u}gung steht. Dieser zeitliche Engpass kann monet\"{a}re R\"{u}ckschl\"{a}ge bedeuten, insbesondere wenn es sich um eine sicherheitskritische L\"{u}cke im Softwaresystem handelt. Die Dom\"{a}ne der automatischen Fehlerkorrektur will solchen Problemen entgegenwirken, indem versucht wird, ein Ansatz zu finden, der den entstandenen Fehler automatisch beheben kann oder dem Programmierer wenigstens einen L\"{o}sungsvorschlag liefert. Heutzutage ist der Umgang mit Application-Programming-Interfaces (kurz APIs) beinahe allt\"{a}glich f\"{u}r jeden Programmierer, was einen Ansatz zur automatischen Korrektur von Softwarefehlern schwer bis gar nicht generalisieren l\"{a}sst. Deren Dokumentation ist oft nicht hinreichend oder unverst\"{a}ndlich. Dadurch wird die API falsch benutzt, sodass unter anderem Methodenaufrufe vergessen oder in falscher Reihenfolge verwendet werden. J\"{u}ngste Studien zeigen zudem, dass bei circa jeder zweiten Fehlerbehebung mindestens eine API-spezifische \"{A}nderung vorgenommen werden muss, um den Fehler ganzheitlich zu beheben. Herk\"{o}mmliche Ans\"{a}tze zur automatischen Korrektur von Softwarefehlern k\"{o}nnen aufgrund ihrer generischen Natur diese Programmfehler oftmals nicht vollst\"{a}ndig beheben und m\"{u}ssen erweitert werden. Im Rahmen dieser Arbeit wird ein Konzept vorgestellt, mit dessen Hilfe diese Programmfehler m\"{o}glicherweise korrigiert werden k\"{o}nnen. Prim\"{a}r wird jedoch erforscht, welche Informationen aus einem API-spezifischen Kontext extrahiert und verarbeitet werden m\"{u}ssen, um eine Korrektur vornehmen zu k\"{o}nnen. Daf\"{u}r wird ein Prototyp entwickelt, der diese Informationsextraktion \"{u}bernimmt und \"{a}hnlichen Quellcode herunterl\"{a}dt, sodass in diesem potenziell eine richtige Benutzung der gesuchten API enthalten ist, welche als Korrektur des Fehlers dienen soll.}, keywords = {}, pubstate = {published}, tppubtype = {mastersthesis} } Bekanntlich ist Softwareentwicklung nicht fehlerfrei. Während der Fokus auf der Entwicklung neuer Komponenten liegen sollte, geht viel Zeit in die Behebung existierender Programmfehler verloren. Jene Programmfehler, welche das Softwaresystem in einen regressiven Zustand versetzen - sodass dieses nicht mehr ordnungsgemäß funktioniert - sind oftmals mühselig zu beheben. Dadurch ist der zuständige Programmierer meist auf unbestimmte Zeit verpflichtet, diesen zu beheben, wodurch er dem Unternehmen nicht für die Weiterentwicklung zur Verfügung steht. Dieser zeitliche Engpass kann monetäre Rückschläge bedeuten, insbesondere wenn es sich um eine sicherheitskritische Lücke im Softwaresystem handelt. Die Domäne der automatischen Fehlerkorrektur will solchen Problemen entgegenwirken, indem versucht wird, ein Ansatz zu finden, der den entstandenen Fehler automatisch beheben kann oder dem Programmierer wenigstens einen Lösungsvorschlag liefert. Heutzutage ist der Umgang mit Application-Programming-Interfaces (kurz APIs) beinahe alltäglich für jeden Programmierer, was einen Ansatz zur automatischen Korrektur von Softwarefehlern schwer bis gar nicht generalisieren lässt. Deren Dokumentation ist oft nicht hinreichend oder unverständlich. Dadurch wird die API falsch benutzt, sodass unter anderem Methodenaufrufe vergessen oder in falscher Reihenfolge verwendet werden. Jüngste Studien zeigen zudem, dass bei circa jeder zweiten Fehlerbehebung mindestens eine API-spezifische Änderung vorgenommen werden muss, um den Fehler ganzheitlich zu beheben. Herkömmliche Ansätze zur automatischen Korrektur von Softwarefehlern können aufgrund ihrer generischen Natur diese Programmfehler oftmals nicht vollständig beheben und müssen erweitert werden. Im Rahmen dieser Arbeit wird ein Konzept vorgestellt, mit dessen Hilfe diese Programmfehler möglicherweise korrigiert werden können. Primär wird jedoch erforscht, welche Informationen aus einem API-spezifischen Kontext extrahiert und verarbeitet werden müssen, um eine Korrektur vornehmen zu können. Dafür wird ein Prototyp entwickelt, der diese Informationsextraktion übernimmt und ähnlichen Quellcode herunterlädt, sodass in diesem potenziell eine richtige Benutzung der gesuchten API enthalten ist, welche als Korrektur des Fehlers dienen soll. |
2017 |
Nielebock, Sebastian Towards API-Specific Automatic Program Repair Inproceedings IEEE/ACM, (Hrsg.): Proceedings of the IEEE/ACM 32nd International Conference on Automated Software Engineering (ASE 2017 ) - Doctoral Symposium, 2017. @inproceedings{nielebock-towards-asaprepair-ASE-DS-2017, title = {Towards API-Specific Automatic Program Repair}, author = {Sebastian Nielebock}, editor = {IEEE/ACM}, url = {https://cse.cs.ovgu.de/cse-wordpress/wp-content/uploads/2017/10/ase17doc-doc1-p-02d3c79-34274-preprint-1.pdf https://dl.acm.org/citation.cfm?id=3155697&CFID=827043089&CFTOKEN=40273216}, year = {2017}, date = {2017-10-30}, booktitle = {Proceedings of the IEEE/ACM 32nd International Conference on Automated Software Engineering (ASE 2017 ) - Doctoral Symposium}, keywords = {}, pubstate = {published}, tppubtype = {inproceedings} } |
Eiserloh, Matthias Semantische Suche für automatische Fehlerkorrekturen im objektorientierten Paradigma Abschlussarbeit Otto-von-Guericke Universität Magdeburg, 2017. @mastersthesis{eiserlohJSearchRepair2017, title = {Semantische Suche f\"{u}r automatische Fehlerkorrekturen im objektorientierten Paradigma}, author = {Matthias Eiserloh}, editor = {Sebastian Nielebock and Frank Ortmeier}, url = {https://cse.cs.ovgu.de/cse-wordpress/wp-content/uploads/2017/07/BA_2017_EiserlohMatthias-1.pdf}, year = {2017}, date = {2017-07-03}, school = {Otto-von-Guericke Universit\"{a}t Magdeburg}, type = {Bachelor Thesis}, keywords = {}, pubstate = {published}, tppubtype = {mastersthesis} } |
API Specific Automatic Program Repair (ASAP-Repair)